Tuesday, January 19, 2010

Call me crazy (it wouldn't be the first time, trust me), but I haven't used an authenticator this entire time. Bad K, bad! But yesterday I finally downloaded the mobile app on my iPhone (I know, I know... having an iPhone, I've had no excuse) and linked it to my battlenet account. Well, let me be a little more specific on what might have finally convinced me to do this. Checking my blog statcounter info, I've found a couple of IP addresses that are repeatedly accessing my gold cap post. Hmmm. Gold sellers? Hackers?

So then I log on last night for the first time post authenticator, and I check my mail to pick up my corehound pet and I find a note from Nkm. He had sent me some enchanting mats with a somewhat confused note saying that he wasn't sure where these went in our guild bank, so I should take care of it. Sidenote: I am sort of a guild bank nazi in terms of where things go, which tabs they are in, and general organization.

I read Nkm's note with a bit of confusion, because its been obvious for a while where our enchanting mats go. Thus, I head over to our guild bank, pop it open and what??!? We have pretty much lost every single enchanting mat we had. All that was left was 7 Infinite Dusts. In its place, a bunch of crap was put in the bank. I then check out the other bank tabs and find that someone has withdrawn some potions, flasks, and all our fish feast as well.

What's even odder is that this is a more casual player who has been in our guild a while, but someone who does not raid with us. Hmmm. It did seem unlikely that they would ninja the guildbank, so Jess then goes to look her up on the armory. Jess finds that they have been stripped of all of their epic gear, probably having been disenchanted because enchanting was one of her professions. Aw man. She, and our guildbank have been hacked! What a coinkidink... on the day that I personally chose to download the mobile authenticator!

I feel horrible for her, and I hope that the process of restoring what she had isn't too painful (though I've heard it can take weeks). While it sucks that we lost things from the guildbank, it could have been much worse. Luckily we had limited access on the gold in there so no money was taken. Jess put in a ticket, and we'll see if any of the stuff ends of getting replaced. My comment when we were talking on vent and how we could replace our guildie's personal stuff as well as the guild bank?

"Hmmm, we should find someone with a ton of gold. Do you know anyone?" :p

P.S: Screw you hackers
P.P.S: Screw you gold sellers to whom hackers sell the gold that they hack
P.P.P.S: Screw you players who buy gold from gold sellers, thus perpetuating this cycle

I know how badly this hurts. I got hacked twice in the space of 3 months before I wised up and got an authenticator. In both instances all of my gear (except badge gear), bags and gold were taken. And my guild bank was hit for any item that could be vendored. It took about 3 days the first time and about 5 days the second time to get my items and the guild bank items restored. But, in the end, everything went back to normal. I found multiple toons on my account that weren't mine who were loaded to the gills with crusader orbs and epic gems (pre patch 3.3). I actually made about 7K gold on the stuff the hackers left behind once my own stuff was restored. Bliz was even so kind as to send me back the Stonekeeper's Shards and badges used to purchase these things. Everything should be fine, you just have to give it a few days. :)

Appears we dodged the bullet - got home and the guild bank were still full. Not that a tiny guild like ours has a lot in it, but woulda been an annoyance. Trying to figger out if the bugger in question were actually hacked, or just did some absent-minded professor thing to his account (known him IRL fer 25 years, so I's sure he ain't pullin' sumthin'). We did fer sure get hacked over Thanksgiving - I guess they like holidays, so as to delay the Blizz response.

Re: Klepsacovic's comment - I was only in one guild (and only for a little while) that wouldn't promote you from the "initiate rank" until you had proven (I'm not sure how - honesty?) that you had an authenticator. (Since higher ranks have access to the guild bank.) Now, though, since we do have the corehound pet, it would be quite easy to verify.

Actually, since I was put face to face with the "need" to get the authenticator, I figured I may as well and downloaded it on my iPhone. Right after, I read a post about how someone's guildie had been hacked and everything taken/disenchanted and the guild bank completely cleared. And I felt better that I had the authenticator, even though this person was so unlucky as to get hacked.

Makes you feel a little safer, doesn't it? Even if the coincidence of the occurrences is unsettling.

@Anea: Yeah, I think most of our officers now have the authenticator, and thus are the only ones that can take money out. But I don't know if we will change guild bank access to require an authenticator. Perhaps we will just limit the number of stacks you can take out.

I know this is a late post on this topic but you need to remember one thing about the iPhone authenticator: If you ever have to reset your iPhone for some reason, the authenticator also gets reset and will no longer work with your account. The end result is you have to go through the 'i lost my authenticator' dance with battle.net to get your account working again. The authenticators they sell for six bucks last quite a long time and will keep this from happening to you. I used the iPhone authenticator only long enough to get my regular hardware one in the mail. I'm too terrified of having to emergently reset my iPhone for some other reason and locking myself out of WoW on accident.